2014 Security Bowl – Hackers: 28 vs. Corporations: 0

Is this Internet Architecture Really Working, Corporate America?

2014 was the “Year of the Security Breach.” The corporate giants were targeted, and hackers have successfully shaken the confidence of most everyone. The site informationisbeautiful.net charted the security breaches in a way that will take your breath away: over 27 security breaches are shown, depicting their losses!

The victims of these crimes are regular Americans. Their identities are breached, their trust is diminished, and their limited hard-earned dollars are spent to recover and to protect themselves from the next hacker or common pickpocket waiting to take their wallets. Those same Americans trusted the large corporations with their private information because, with all the fantastic corporate branding and market dominance, they certainly Must be wiser than some unknown “guy” with a PC, an internet connection, and a Monster drink, “high” off the technical challenge.

I grew up when the I.T. industry emerged, and was a young I.T. professional in the thriving 90s. My I.T. consulting career was primarily in System Administration, Application Development, and Deployment. My degree and experience are no longer as relevant to this current I.T. challenge as they once were, but I’ve been concerned about the architecture, and about the corporate business decision to place sensitive information on the internet, accessible to a web browser, since I was building my first SMTP server. Yes, the software advances and grows more complex. But software is created by flawed humans who have not thought of everything; patches then have to be applied, and vulnerabilities may exist that merely need to be tapped into.

In the I.T. world I think of this issue a little like an old wild west theme. On the good side, and with the law, the super intelligent technical heroes in tall white hats stand guard at the door of the town bank. The mysterious, also extremely intelligent technical hackers [in black hats of course], set their sights on the bank vault. At least in movies we had hats to tell us who was on which side. In real life, I suppose, an intelligent human being would have to just change the color of the hat and walk right into the bank… in the disguise of “a good guy.” That would be a modern day spy or imposter.

So, after all of these security breaches, is there Anyone out there who really believes private, personal data on the internet is Safe?

As System Administrators, we implemented port encryption and other layers of security. The more layers (like needing several very large numbers in a particular order instead of one very large number), the more secure. A combination of multiple locks makes it more complicated for a would-be burglar than if there is just one key under the door mat to look for. The primary goal for corporations is to keep the communication “unreadable”.

“…These documents provide the first evidence that a major attack strategy for NSA/GCHQ involves key databases containing the private keys for major sites. For the RSA key exchange ciphersuites of TLS, a single private key is sufficient to recover vast amounts of session traffic — in real time or even after the fact.”

So, even with technical security layers, there is also a key under the door mat, and that’s the NSA goal; however, I am more concerned about the progress of these “black hat hacker bad guys” than about the NSA/GCHQ. Our government already knows our private identity information, but hackers are another story. If hackers get the solution, the “key under the door mat”, and get the encryption “keys” of corporations, they can pop the lock to the “vault of all the American identities”: Americans’ personally identifiable information (PII) and information about their accounts.
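To make the quoted point about RSA key exchange concrete, here is an added example (not part of the original post or of the quoted source): it checks the cipher suites a server offers, by IANA name, for RSA key exchange, where the site's private key alone unlocks recorded sessions. The hostnames and suite lists are constructed sample data, and the function names are hypothetical.

```python
# Added example. Hostnames and suite lists are constructed sample data.

def key_exchange(suite: str) -> str:
    """Key-exchange part of an IANA cipher suite name, e.g. 'ECDHE_RSA'."""
    if suite.endswith("_SCSV"):
        return "SCSV"      # signalling value, not a real cipher suite
    if "_WITH_" not in suite:
        return "TLS1.3"    # TLS 1.3 names carry no key exchange; RSA key transport was removed
    return suite[len("TLS_"):].split("_WITH_")[0]


def is_rsa_key_transport(suite: str) -> bool:
    """True when the client encrypts the premaster secret to the server's RSA key,
    so that one private key decrypts the session, live or from a recording."""
    return key_exchange(suite) == "RSA"


def is_ephemeral(suite: str) -> bool:
    """True when the name implies a per-connection (EC)DHE exchange
    (TLS 1.3 full handshakes always use one)."""
    kx = key_exchange(suite)
    return kx == "TLS1.3" or kx.startswith(("ECDHE_", "DHE_"))


def audit(hosts: dict) -> dict:
    """Map each host offering RSA key exchange to those suites, plus whether it
    already offers an ephemeral suite to rely on once they are removed."""
    findings = {}
    for host, suites in hosts.items():
        exposed = [s for s in suites if is_rsa_key_transport(s)]
        if exposed:
            findings[host] = {
                "rsa_key_exchange": exposed,
                "has_ephemeral_alternative": any(is_ephemeral(s) for s in suites),
            }
    return findings


SCAN = {  # constructed sample data
    "shop.example.test": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                          "TLS_RSA_WITH_AES_128_CBC_SHA",
                          "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"],
    "api.example.test": ["TLS_AES_128_GCM_SHA256",
                         "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"],
    "legacy.example.test": ["TLS_RSA_WITH_AES_256_CBC_SHA"],
}

if __name__ == "__main__":
    for host, finding in audit(SCAN).items():
        print(host, finding)
```

A host flagged with `has_ephemeral_alternative` set to false needs ECDHE suites enabled before the RSA ones are switched off, or clients will have nothing left to negotiate.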

When you are born, you are given a name. You may want to keep it. You certainly cannot change the day you were born. The Social Security Administration doesn’t make it easy to change the number uniquely assigned to you, so once your identity is stolen, it can be sold and used over and over again throughout your whole life.

It seems to me like the only way to protect the data is to completely change to a new architecture designed for security with registration, no anonymity, and leave the public internet for what it was designed to do… be a free exchange of ideas. But, what do I know? I’m no longer an I.T. Consultant.